Confidentialising Maps of Mixed Point and Diffuse Spatial Data

In this paper we provide an introduction to the area of disseminating spatial data through maps, including an overview of confidentialisation techniques. To date, published methods have focussed on confidentialising maps of spatial point data, mainly in the context of epidemiological and health research. However, maps of spatial data sets of point and diffuse (line and area) records are becoming more important and require confidentialisation in some applications. In this paper we propose a method for confidentialising maps of spatial data sets which include a mixture of point, line and area records. The method combines and adapts traditional non-perturbative disclosure control techniques.
